draft-ietf-ldapbis-syntaxes-05.txt   draft-ietf-ldapbis-syntaxes-06.txt 
INTERNET-DRAFT S. Legg, Editor INTERNET-DRAFT S. Legg, Editor
draft-ietf-ldapbis-syntaxes-05.txt Adacel Technologies draft-ietf-ldapbis-syntaxes-06.txt Adacel Technologies
Intended Category: Standard Track K. Dally Intended Category: Standard Track K. Dally
Obsoletes: RFC 2252, RFC 2256 The MITRE Corp. Obsoletes: RFC 2252, RFC 2256 The MITRE Corp.
27 February 2003 3 June 2003
LDAP: Syntaxes and Matching Rules LDAP: Syntaxes and Matching Rules
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
Status of this Memo Status of this Memo
This document is an Internet-Draft and is in full conformance with This document is an Internet-Draft and is in full conformance with
all provisions of Section 10 of RFC2026. all provisions of Section 10 of RFC2026.
skipping to change at page 1, line 42 skipping to change at page 1, line 42
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This document is intended to be, after appropriate review and This document is intended to be, after appropriate review and
revision, submitted to the RFC Editor as a Standard Track document. revision, submitted to the RFC Editor as a Standard Track document.
Distribution of this document is unlimited. Technical discussion of Distribution of this document is unlimited. Technical discussion of
this document should take place on the IETF LDAP Revision Working this document should take place on the IETF LDAP Revision Working
Group (LDAPbis) mailing list <ietf-ldapbis@openldap.org>. Please Group (LDAPbis) mailing list <ietf-ldapbis@openldap.org>. Please
send editorial comments directly to the editor send editorial comments directly to the editor
<steven.legg@adacel.com.au>. <steven.legg@adacel.com.au>.
This Internet-Draft expires on 27 August 2003. This Internet-Draft expires on 3 December 2003.
Abstract Abstract
Each attribute stored in a Lightweight Directory Access Protocol Each attribute stored in a Lightweight Directory Access Protocol
(LDAP) directory, and whose values may be transfered in the LDAP (LDAP) directory, and whose values may be transfered in the LDAP
protocol, has a defined syntax which constrains the structure and protocol, has a defined syntax which constrains the structure and
format of its values. The comparison semantics for values of a format of its values. The comparison semantics for values of a
syntax are not part of the syntax definition but are instead provided syntax are not part of the syntax definition but are instead provided
through separately defined matching rules. Matching rules specify an through separately defined matching rules. Matching rules specify an
argument, an assertion value, which also has a defined syntax. This argument, an assertion value, which also has a defined syntax. This
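Review bot: "Standard Track" in the sentence "submitted to the RFC Editor as a Standard Track document" should read "Standards Track", and "transfered" in the Abstract should be "transferred". Both are carried over unchanged from -05, so this revision is a good point to correct them; the only change in this region is the expiry date.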
skipping to change at page 3, line 35 skipping to change at page 3, line 35
4.3.12 Fax ................................................. 13 4.3.12 Fax ................................................. 13
4.3.13 Generalized Time .................................... 14 4.3.13 Generalized Time .................................... 14
4.3.14 Guide ............................................... 15 4.3.14 Guide ............................................... 15
4.3.15 IA5 String .......................................... 15 4.3.15 IA5 String .......................................... 15
4.3.16 Integer ............................................. 16 4.3.16 Integer ............................................. 16
4.3.17 JPEG ................................................ 16 4.3.17 JPEG ................................................ 16
4.3.18 LDAP Syntax Description ............................. 16 4.3.18 LDAP Syntax Description ............................. 16
4.3.19 Matching Rule Description ........................... 17 4.3.19 Matching Rule Description ........................... 17
4.3.20 Matching Rule Use Description ....................... 17 4.3.20 Matching Rule Use Description ....................... 17
4.3.21 Name and Optional UID ............................... 18 4.3.21 Name and Optional UID ............................... 18
4.3.22 Name Form Description ............................... 18 4.3.22 Name Form Description ............................... 19
4.3.23 Numeric String ...................................... 19 4.3.23 Numeric String ...................................... 19
4.3.24 Object Class Description ............................ 19 4.3.24 Object Class Description ............................ 19
4.3.25 Octet String ........................................ 20 4.3.25 Octet String ........................................ 20
4.3.26 OID ................................................. 20 4.3.26 OID ................................................. 20
4.3.27 Other Mailbox ....................................... 21 4.3.27 Other Mailbox ....................................... 21
4.3.28 Postal Address ...................................... 21 4.3.28 Postal Address ...................................... 21
4.3.29 Printable String .................................... 22 4.3.29 Printable String .................................... 22
4.3.30 Substring Assertion ................................. 23 4.3.30 Substring Assertion ................................. 23
4.3.31 Telephone Number .................................... 23 4.3.31 Telephone Number .................................... 24
4.3.32 Teletex Terminal Identifier ......................... 24 4.3.32 Teletex Terminal Identifier ......................... 24
4.3.33 Telex Number ........................................ 25 4.3.33 Telex Number ........................................ 25
4.3.34 UTC Time ............................................ 25 4.3.34 UTC Time ............................................ 25
5. Matching Rules ................................................ 26 5. Matching Rules ................................................ 26
5.1 General Considerations .................................... 26 5.1 General Considerations .................................... 26
5.2 Matching Rule Definitions ................................. 28 5.2 Matching Rule Definitions ................................. 28
5.2.1 bitStringMatch ....................................... 28 5.2.1 bitStringMatch ....................................... 28
5.2.2 caseExactIA5Match .................................... 28 5.2.2 caseExactIA5Match .................................... 28
5.2.3 caseIgnoreIA5Match ................................... 29 5.2.3 caseIgnoreIA5Match ................................... 29
5.2.4 caseIgnoreIA5SubstringsMatch ......................... 29 5.2.4 caseIgnoreIA5SubstringsMatch ......................... 29
5.2.5 caseIgnoreListMatch .................................. 29 5.2.5 caseIgnoreListMatch .................................. 30
5.2.6 caseIgnoreListSubstringsMatch ........................ 30 5.2.6 caseIgnoreListSubstringsMatch ........................ 31
5.2.7 caseIgnoreMatch ...................................... 31 5.2.7 caseIgnoreMatch ...................................... 31
5.2.8 caseIgnoreOrderingMatch .............................. 31 5.2.8 caseIgnoreOrderingMatch .............................. 32
5.2.9 caseIgnoreSubstringsMatch ............................ 32 5.2.9 caseIgnoreSubstringsMatch ............................ 32
5.2.10 distinguishedNameMatch .............................. 32 5.2.10 distinguishedNameMatch .............................. 33
5.2.11 generalizedTimeMatch ................................ 33 5.2.11 generalizedTimeMatch ................................ 34
5.2.12 generalizedTimeOrderingMatch ........................ 33 5.2.12 generalizedTimeOrderingMatch ........................ 34
5.2.13 integerFirstComponentMatch .......................... 34 5.2.13 integerFirstComponentMatch .......................... 34
5.2.14 integerMatch ........................................ 34 5.2.14 integerMatch ........................................ 35
5.2.15 numericStringMatch .................................. 34 5.2.15 numericStringMatch .................................. 35
5.2.16 numericStringSubstringsMatch ........................ 35 5.2.16 numericStringSubstringsMatch ........................ 36
5.2.17 objectIdentifierFirstComponentMatch ................. 35 5.2.17 objectIdentifierFirstComponentMatch ................. 36
5.2.18 objectIdentifierMatch ............................... 36 5.2.18 objectIdentifierMatch ............................... 37
5.2.19 octetStringMatch .................................... 36 5.2.19 octetStringMatch .................................... 38
5.2.20 telephoneNumberMatch ................................ 37 5.2.20 telephoneNumberMatch ................................ 38
5.2.21 telephoneNumberSubstringsMatch ...................... 37 5.2.21 telephoneNumberSubstringsMatch ...................... 38
5.2.22 uniqueMemberMatch ................................... 38 5.2.22 uniqueMemberMatch ................................... 39
6. Security Considerations ....................................... 38 6. Security Considerations ....................................... 40
7. Acknowledgements .............................................. 39 7. Acknowledgements .............................................. 40
8. IANA Considerations ........................................... 39 8. IANA Considerations ........................................... 40
9. Normative References .......................................... 40 9. Normative References .......................................... 42
10. Informative References ....................................... 42 10. Informative References ....................................... 43
11. Authors' Addresses ........................................... 42 11. Authors' Addresses ........................................... 44
12. Copyright Notice ............................................. 43 12. Intellectual Property Notice ................................. 44
Appendix A. Summary of Syntax Object Identifiers ................. 43 13. Copyright Notice ............................................. 45
Appendix B. Changes from RFC 2252 & RFC 2256 ..................... 44 Appendix A. Summary of Syntax Object Identifiers ................. 45
Appendix B. Changes from RFC 2252 & RFC 2256 ..................... 46
2. Introduction 2. Introduction
Each attribute stored in a Lightweight Directory Access Protocol Each attribute stored in a Lightweight Directory Access Protocol
(LDAP) directory [ROADMAP], and whose values may be transfered in the (LDAP) directory [ROADMAP], and whose values may be transfered in the
LDAP protocol [PROT], has a defined syntax (i.e. data type) which LDAP protocol [PROT], has a defined syntax (i.e. data type) which
constrains the structure and format of its values. The comparison constrains the structure and format of its values. The comparison
semantics for values of a syntax are not part of the syntax semantics for values of a syntax are not part of the syntax
definition but are instead provided through separately defined definition but are instead provided through separately defined
matching rules. Matching rules specify an argument, an assertion matching rules. Matching rules specify an argument, an assertion
skipping to change at page 14, line 32 skipping to change at page 14, line 32
century = 2(%x30-39) ; "00" to "99" century = 2(%x30-39) ; "00" to "99"
year = 2(%x30-39) ; "00" to "99" year = 2(%x30-39) ; "00" to "99"
month = ( %x30 %x31-39 ) ; "01" (January) to "09" month = ( %x30 %x31-39 ) ; "01" (January) to "09"
/ ( %x31 %x30-32 ) ; "10" to "12" / ( %x31 %x30-32 ) ; "10" to "12"
day = ( %x30 %x31-39 ) ; "01" to "09" day = ( %x30 %x31-39 ) ; "01" to "09"
/ ( %x31-32 %x30-39 ) ; "10" to "29" / ( %x31-32 %x30-39 ) ; "10" to "29"
/ ( %x33 %x30-31 ) ; "30" to "31" / ( %x33 %x30-31 ) ; "30" to "31"
hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23" hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23"
minute = %x30-35 %x30-39 ; "00" to "59" minute = %x30-35 %x30-39 ; "00" to "59"
second = %x30-35 %x30-39 ; "00" to "59" second = ( %x30-35 %x30-39 ) ; "00" to "59"
/ ( %x36 %x30 ) ; "60" (a leap second)
GeneralizedTime = century year month day hour GeneralizedTime = century year month day hour
[ minute [ second ] ] [ fraction ] [ minute [ second ] ] [ fraction ]
g-time-zone g-time-zone
fraction = ( DOT / COMMA ) 1*(%x30-39) fraction = ( DOT / COMMA ) 1*(%x30-39)
g-time-zone = %x5A ; "Z" g-time-zone = %x5A ; "Z"
/ g-differential / g-differential
g-differential = ( MINUS / PLUS ) hour [ minute ] g-differential = ( MINUS / PLUS ) hour [ minute ]
MINUS = %x2D ; minus sign ("-") MINUS = %x2D ; minus sign ("-")
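Review bot: the new alternative ( %x36 %x30 ) on <second> lets the grammar accept "60" in any minute of any GeneralizedTime value, and nothing in the visible lines says how such a value compares or orders against "59" of the same minute or "00" of the next. Suggest adding a sentence to the syntax description stating when "60" is valid and how generalizedTimeMatch and generalizedTimeOrderingMatch treat it, so that two servers cannot disagree on equality or ordering of the same timestamp.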
skipping to change at page 16, line 18 skipping to change at page 16, line 20
4.3.16 Integer 4.3.16 Integer
A value of the Integer syntax is a whole number of unlimited A value of the Integer syntax is a whole number of unlimited
magnitude. The LDAP-specific encoding of a value of this syntax is magnitude. The LDAP-specific encoding of a value of this syntax is
the optionally signed decimal digit character string representation the optionally signed decimal digit character string representation
of the number (so, for example, the number 1321 is represented by the of the number (so, for example, the number 1321 is represented by the
character string "1321"). The encoding is defined by the following character string "1321"). The encoding is defined by the following
ABNF: ABNF:
Integer = [ HYPHEN ] number Integer = ( HYPHEN LDIGIT *DIGIT ) / number
The <HYPHEN> and <number> rules are defined in [MODELS]. The <HYPHEN>, <LDIGIT>, <DIGIT> and <number> rules are defined in
[MODELS].
The LDAP definition for the Integer syntax is: The LDAP definition for the Integer syntax is:
( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' ) ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' )
This syntax corresponds to the INTEGER ASN.1 type from [ASN.1]. This syntax corresponds to the INTEGER ASN.1 type from [ASN.1].
4.3.17 JPEG 4.3.17 JPEG
A value of the JPEG syntax is an image in the JPEG File Interchange A value of the JPEG syntax is an image in the JPEG File Interchange
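Review bot: the revised rule "Integer = ( HYPHEN LDIGIT *DIGIT ) / number" no longer accepts "-0" (assuming <LDIGIT>, defined in [MODELS], is a non-zero digit), but the prose above it still describes the encoding only as "the optionally signed decimal digit character string representation of the number". Suggest stating explicitly that a negative value begins with a non-zero digit and that zero is never written with a sign, so that validators written from the prose and validators written from the ABNF reject the same inputs.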
skipping to change at page 28, line 7 skipping to change at page 28, line 12
unreferenced matching rules MAY be published in the matchingRules unreferenced matching rules MAY be published in the matchingRules
attribute. attribute.
If the server supports the extensibleMatch filter, then the server If the server supports the extensibleMatch filter, then the server
MAY use the matchingRuleUse attribute to indicate the applicability MAY use the matchingRuleUse attribute to indicate the applicability
(in an extensibleMatch filter) of selected matching rules to (in an extensibleMatch filter) of selected matching rules to
nominated attribute types. nominated attribute types.
5.2 Matching Rule Definitions 5.2 Matching Rule Definitions
When evaluating the caseExactIA5Match, caseIgnoreIA5Match, When evaluating the numericStringMatch, numericStringSubstringsMatch,
caseIgnoreIA5SubstringsMatch, caseIgnoreListMatch, caseExactIA5Match, caseIgnoreIA5Match, caseIgnoreIA5SubstringsMatch,
caseIgnoreListSubstringsMatch, caseIgnoreMatch, caseIgnoreListMatch, caseIgnoreListSubstringsMatch, caseIgnoreMatch,
caseIgnoreOrderingMatch and caseIgnoreSubstringsMatch matching rules caseIgnoreOrderingMatch and caseIgnoreSubstringsMatch matching rules
multiple adjoining whitespace characters are treated the same as an the assertion value and attribute value are prepared according to the
individual space, and leading and trailing whitespace is ignored. string preparation algorithms [PREP] for LDAP before being compared.
The Transcode, Normalize, Prohibit and Check bidi steps are the same
for each of the matching rules. However, the Map and Insignificant
Character Removal steps depends on the specific rule, as detailed in
the description of these matching rules in the sections that follow.
5.2.1 bitStringMatch 5.2.1 bitStringMatch
The bitStringMatch rule compares an assertion value of the Bit String The bitStringMatch rule compares an assertion value of the Bit String
syntax to an attribute value of a syntax (e.g. the Bit String syntax) syntax to an attribute value of a syntax (e.g. the Bit String syntax)
whose corresponding ASN.1 type is BIT STRING. whose corresponding ASN.1 type is BIT STRING.
If the corresponding ASN.1 type of the attribute syntax does not have If the corresponding ASN.1 type of the attribute syntax does not have
a named bit list (which is the case for the Bit String syntax) then a named bit list (which is the case for the Bit String syntax) then
the rule evaluates to TRUE if and only if the attribute value has the the rule evaluates to TRUE if and only if the attribute value has the
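Review bot: in the new 5.2 paragraph, the whitespace behaviour that -05 stated directly ("multiple adjoining whitespace characters are treated the same as an individual space, and leading and trailing whitespace is ignored") is now delegated to [PREP], and the visible text does not say what a rule evaluates to when preparation of the attribute value or assertion value fails, for example at the Prohibit or Check bidi step. Suggest stating that result here, once, for all the listed rules. Two wording fixes in the same paragraph: "steps depends" should read "steps depend", and a comma is needed after "matching rules" before "the assertion value and attribute value are prepared".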
skipping to change at page 28, line 43 skipping to change at page 29, line 6
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
The bitStringMatch rule is an equality matching rule. The bitStringMatch rule is an equality matching rule.
5.2.2 caseExactIA5Match 5.2.2 caseExactIA5Match
The caseExactIA5Match rule compares an assertion value of the IA5 The caseExactIA5Match rule compares an assertion value of the IA5
String syntax to an attribute value of a syntax (e.g the IA5 String String syntax to an attribute value of a syntax (e.g the IA5 String
syntax) whose corresponding ASN.1 type is IA5String. syntax) whose corresponding ASN.1 type is IA5String.
The rule evaluates to TRUE if and only if the attribute value and the The rule evaluates to TRUE if and only if the prepared attribute
assertion value have the same number of characters and corresponding value character string and the prepared assertion value character
characters are the same. Letter case is significant in the string have the same number of characters and corresponding
comparison. characters have the same code point.
In preparing the attribute value and assertion value for comparison,
characters are not case folded in the Map preparation step, and only
Insignificant Space Removal is applied in the Insignificant Character
Removal step.
The LDAP definition for the caseExactIA5Match rule is: The LDAP definition for the caseExactIA5Match rule is:
( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' ( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
The caseExactIA5Match rule is an equality matching rule. The caseExactIA5Match rule is an equality matching rule.
5.2.3 caseIgnoreIA5Match 5.2.3 caseIgnoreIA5Match
The caseIgnoreIA5Match rule compares an assertion value of the IA5 The caseIgnoreIA5Match rule compares an assertion value of the IA5
String syntax to an attribute value of a syntax (e.g the IA5 String String syntax to an attribute value of a syntax (e.g the IA5 String
syntax) whose corresponding ASN.1 type is IA5String. syntax) whose corresponding ASN.1 type is IA5String.
The rule evaluates to TRUE if and only if the attribute value and the The rule evaluates to TRUE if and only if the prepared attribute
assertion value have the same number of characters and corresponding value character string and the prepared assertion value character
characters are the same, ignoring the case of letters. string have the same number of characters and corresponding
characters have the same code point.
In preparing the attribute value and assertion value for comparison,
characters are case folded in the Map preparation step, and only
Insignificant Space Removal is applied in the Insignificant Character
Removal step.
The LDAP definition for the caseIgnoreIA5Match rule is: The LDAP definition for the caseIgnoreIA5Match rule is:
( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' ( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
The caseIgnoreIA5Match rule is an equality matching rule. The caseIgnoreIA5Match rule is an equality matching rule.
5.2.4 caseIgnoreIA5SubstringsMatch 5.2.4 caseIgnoreIA5SubstringsMatch
The caseIgnoreIA5SubstringsMatch rule compares an assertion value of The caseIgnoreIA5SubstringsMatch rule compares an assertion value of
the Substring Assertion syntax to an attribute value of a syntax (e.g the Substring Assertion syntax to an attribute value of a syntax (e.g
the IA5 String syntax) whose corresponding ASN.1 type is IA5String. the IA5 String syntax) whose corresponding ASN.1 type is IA5String.
The rule evaluates to TRUE if and only if the substrings of the The rule evaluates to TRUE if and only if the prepared substrings of
assertion value match disjoint portions of the attribute value in the the assertion value match disjoint portions of the prepared attribute
order of the substrings in the assertion value, and an <initial> value character string in the order of the substrings in the
substring, if present, matches the beginning of the attribute value, assertion value, and an <initial> substring, if present, matches the
and a <final> substring, if present, matches the end of the attribute beginning of the prepared attribute value character string, and a
value. A substring matches a portion of the attribute value if <final> substring, if present, matches the end of the prepared
corresponding characters are the same, ignoring the case of letters. attribute value character string. A prepared substring matches a
portion of the prepared attribute value character string if
corresponding characters have the same code point.
In preparing the attribute value and assertion value substrings for
comparison, characters are case folded in the Map preparation step,
and only Insignificant Space Removal is applied in the Insignificant
Character Removal step.
( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' ( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The caseIgnoreIA5SubstringsMatch rule is a substrings matching rule. The caseIgnoreIA5SubstringsMatch rule is a substrings matching rule.
5.2.5 caseIgnoreListMatch 5.2.5 caseIgnoreListMatch
The caseIgnoreListMatch rule compares an assertion value that is a The caseIgnoreListMatch rule compares an assertion value that is a
sequence of strings to an attribute value of a syntax (e.g. the sequence of strings to an attribute value of a syntax (e.g. the
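Review bot: in 5.2.4 the definition "( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch'" follows the new preparation paragraph directly, without the sentence "The LDAP definition for the caseIgnoreIA5SubstringsMatch rule is:" that 5.2.2 and 5.2.3 carry. The omission is present in both revisions and is worth fixing while the section is being rewritten. Note also that after this change the first paragraphs of 5.2.2 and 5.2.3 are word-for-word identical, so the whole distinction between the exact and ignore-case rules rests on "are not case folded" versus "are case folded" in the second paragraph; a short reminder of that in each section would help readers who land on one rule in isolation.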
skipping to change at page 31, line 18 skipping to change at page 31, line 46
5.2.7 caseIgnoreMatch 5.2.7 caseIgnoreMatch
The caseIgnoreMatch rule compares an assertion value of the Directory The caseIgnoreMatch rule compares an assertion value of the Directory
String syntax to an attribute value of a syntax (e.g. the Directory String syntax to an attribute value of a syntax (e.g. the Directory
String, Printable String, Country String or Telephone Number syntax) String, Printable String, Country String or Telephone Number syntax)
whose corresponding ASN.1 type is DirectoryString or one of the whose corresponding ASN.1 type is DirectoryString or one of the
alternative string types of DirectoryString, e.g. PrintableString alternative string types of DirectoryString, e.g. PrintableString
(the other alternatives do not correspond to any syntax defined in (the other alternatives do not correspond to any syntax defined in
this document). this document).
The rule evaluates to TRUE if and only if the attribute value and the The rule evaluates to TRUE if and only if the prepared attribute
assertion value have the same number of characters and corresponding value character string and the prepared assertion value character
characters are the same, ignoring the case of letters. string have the same number of characters and corresponding
characters have the same code point.
In preparing the attribute value and assertion value for comparison,
characters are case folded in the Map preparation step, and only
Insignificant Space Removal is applied in the Insignificant Character
Removal step.
The LDAP definition for the caseIgnoreMatch rule is: The LDAP definition for the caseIgnoreMatch rule is:
( 2.5.13.2 NAME 'caseIgnoreMatch' ( 2.5.13.2 NAME 'caseIgnoreMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The caseIgnoreMatch rule is an equality matching rule. The caseIgnoreMatch rule is an equality matching rule.
5.2.8 caseIgnoreOrderingMatch 5.2.8 caseIgnoreOrderingMatch
The caseIgnoreOrderingMatch rule compares an assertion value of the The caseIgnoreOrderingMatch rule compares an assertion value of the
Directory String syntax to an attribute value of a syntax (e.g. the Directory String syntax to an attribute value of a syntax (e.g. the
Directory String, Printable String, Country String or Telephone Directory String, Printable String, Country String or Telephone
Number syntax) whose corresponding ASN.1 type is DirectoryString or Number syntax) whose corresponding ASN.1 type is DirectoryString or
one of its alternative string types. one of its alternative string types.
The rule evaluates to TRUE if, and only if, in the normal collation The rule evaluates to TRUE if, and only if, in the code point
order for the attribute syntax after lower-case letters in both the collation order, the prepared attribute value character string
attribute and assertion values have been replaced by their upper-case appears earlier than the prepared assertion value character string,
equivalents, the attribute value appears earlier than the assertion i.e. the attribute value is "less than" the assertion value.
value, i.e. the attribute value is "less than" the assertion value.
The collation order for values of the DirectoryString syntax is In preparing the attribute value and assertion value for comparison,
implementation-defined. [Editor's note: this will be specified by a characters are case folded in the Map preparation step, and only
stringprep profile before final publication.] Insignificant Space Removal is applied in the Insignificant Character
Removal step.
The LDAP definition for the caseIgnoreOrderingMatch rule is: The LDAP definition for the caseIgnoreOrderingMatch rule is:
( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' ( 2.5.13.3 NAME 'caseIgnoreOrderingMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
The caseIgnoreOrderingMatch rule is an ordering matching rule. The caseIgnoreOrderingMatch rule is an ordering matching rule.
5.2.9 caseIgnoreSubstringsMatch 5.2.9 caseIgnoreSubstringsMatch
The caseIgnoreSubstringsMatch rule compares an assertion value of the The caseIgnoreSubstringsMatch rule compares an assertion value of the
Substring Assertion syntax to an attribute value of a syntax (e.g. Substring Assertion syntax to an attribute value of a syntax (e.g.
the Directory String, Printable String, Country String or Telephone the Directory String, Printable String, Country String or Telephone
Number syntax) whose corresponding ASN.1 type is DirectoryString or Number syntax) whose corresponding ASN.1 type is DirectoryString or
one of its alternative string types. one of its alternative string types.
The rule evaluates to TRUE if and only if the substrings of the The rule evaluates to TRUE if and only if the prepared substrings of
assertion value match disjoint portions of the attribute value in the the assertion value match disjoint portions of the prepared attribute
order of the substrings in the assertion value, and an <initial> value character string in the order of the substrings in the
substring, if present, matches the beginning of the attribute value, assertion value, and an <initial> substring, if present, matches the
and a <final> substring, if present, matches the end of the attribute beginning of the prepared attribute value character string, and a
value. A substring matches a portion of the attribute value if <final> substring, if present, matches the end of the prepared
corresponding characters are the same, ignoring the case of letters. attribute value character string. A prepared substring matches a
portion of the prepared attribute value character string if
corresponding characters have the same code point.
In preparing the attribute value and assertion value substrings for
comparison, characters are case folded in the Map preparation step,
and only Insignificant Space Removal is applied in the Insignificant
Character Removal step.
The LDAP definition for the caseIgnoreSubstringsMatch rule is: The LDAP definition for the caseIgnoreSubstringsMatch rule is:
( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' ( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The caseIgnoreSubstringsMatch rule is a substrings matching rule. The caseIgnoreSubstringsMatch rule is a substrings matching rule.
5.2.10 distinguishedNameMatch 5.2.10 distinguishedNameMatch
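Review bot: in 5.2.8, "code point collation order" replaces the implementation-defined collation of -05 but is not defined in the visible text. It does not say that code points are compared position by position from the start of the prepared strings, nor how a prepared string that is a proper prefix of the other is ordered. Suggest one sentence defining the comparison, since the point of removing "implementation-defined" is that every server orders the same pair of values the same way.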
skipping to change at page 35, line 4 skipping to change at page 35, line 42
assertion value are the same integer value. assertion value are the same integer value.
The LDAP definition for the integerMatch matching rule is: The LDAP definition for the integerMatch matching rule is:
( 2.5.13.14 NAME 'integerMatch' ( 2.5.13.14 NAME 'integerMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
The integerMatch rule is an equality matching rule. The integerMatch rule is an equality matching rule.
5.2.15 numericStringMatch 5.2.15 numericStringMatch
The numericStringMatch rule compares an assertion value of the The numericStringMatch rule compares an assertion value of the
Numeric String syntax to an attribute value of a syntax (e.g the Numeric String syntax to an attribute value of a syntax (e.g the
Numeric String syntax) whose corresponding ASN.1 type is Numeric String syntax) whose corresponding ASN.1 type is
NumericString. NumericString.
The rule evaluates to TRUE if and only if the attribute value and the The rule evaluates to TRUE if and only if the prepared attribute
assertion value are the same string of numerals, ignoring any space value character string and the prepared assertion value character
characters. string have the same number of characters and corresponding
characters have the same code point.
In preparing the attribute value and assertion value for comparison,
characters are not case folded in the Map preparation step, and only
numericString Insignificant Character Removal is applied in the
Insignificant Character Removal step.
The LDAP definition for the numericStringMatch matching rule is: The LDAP definition for the numericStringMatch matching rule is:
( 2.5.13.8 NAME 'numericStringMatch' ( 2.5.13.8 NAME 'numericStringMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
The numericStringMatch rule is an equality matching rule. The numericStringMatch rule is an equality matching rule.
5.2.16 numericStringSubstringsMatch 5.2.16 numericStringSubstringsMatch
The numericStringSubstringsMatch rule compares an assertion value of The numericStringSubstringsMatch rule compares an assertion value of
the Substring Assertion syntax to an attribute value of a syntax (e.g the Substring Assertion syntax to an attribute value of a syntax (e.g
the Numeric String syntax) whose corresponding ASN.1 type is the Numeric String syntax) whose corresponding ASN.1 type is
NumericString. NumericString.
The rule evaluates to TRUE if and only if the substrings of the The rule evaluates to TRUE if and only if the prepared substrings of
assertion value match disjoint portions of the attribute value in the the assertion value match disjoint portions of the prepared attribute
order of the substrings in the assertion value, and an <initial> value character string in the order of the substrings in the
substring, if present, matches the beginning of the attribute value, assertion value, and an <initial> substring, if present, matches the
and a <final> substring, if present, matches the end of the attribute beginning of the prepared attribute value character string, and a
value. A substring matches a portion of the attribute value if <final> substring, if present, matches the end of the prepared
corresponding characters are the same, ignoring any space characters. attribute value character string. A prepared substring matches a
portion of the prepared attribute value character string if
corresponding characters have the same code point.
In preparing the attribute value and assertion value for comparison,
characters are not case folded in the Map preparation step, and only
numericString Insignificant Character Removal is applied in the
Insignificant Character Removal step.
( 2.5.13.10 NAME 'numericStringSubstringsMatch' ( 2.5.13.10 NAME 'numericStringSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The numericStringSubstringsMatch rule is a substrings matching rule. The numericStringSubstringsMatch rule is a substrings matching rule.
5.2.17 objectIdentifierFirstComponentMatch 5.2.17 objectIdentifierFirstComponentMatch
The objectIdentifierFirstComponentMatch rule compares an assertion The objectIdentifierFirstComponentMatch rule compares an assertion
value of the OID syntax to an attribute value of a syntax (e.g the value of the OID syntax to an attribute value of a syntax (e.g the
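Review bot: The preparation paragraph added to 5.2.16 says "the attribute value and assertion value", while the parallel paragraph added to 5.2.21 says "the attribute value and assertion value substrings". The rule text in both sections compares prepared substrings, so the 5.2.21 wording should be used in both places. Section 5.2.16 also runs straight from the preparation paragraph into the ( 2.5.13.10 ... ) definition, without the "The LDAP definition for the ... matching rule is:" sentence that 5.2.15, 5.2.20 and 5.2.21 carry; add it for consistency.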
skipping to change at page 37, line 27 skipping to change at page 38, line 31
The octetStringMatch rule is an equality matching rule. The octetStringMatch rule is an equality matching rule.
5.2.20 telephoneNumberMatch 5.2.20 telephoneNumberMatch
The telephoneNumberMatch rule compares an assertion value of the The telephoneNumberMatch rule compares an assertion value of the
Telephone Number syntax to an attribute value of a syntax (e.g the Telephone Number syntax to an attribute value of a syntax (e.g the
Telephone Number syntax) whose corresponding ASN.1 type is a Telephone Number syntax) whose corresponding ASN.1 type is a
PrintableString representing a telephone number. PrintableString representing a telephone number.
The rule evaluates to TRUE if and only if the attribute value and the The rule evaluates to TRUE if and only if the prepared attribute
assertion value have the same number of characters and corresponding value character string and the prepared assertion value character
characters are the same, ignoring the case of letters, and ignoring string have the same number of characters and corresponding
space and `-' characters. characters have the same code point.
In preparing the attribute value and assertion value for comparison,
characters are case folded in the Map preparation step, and only
telephoneNumber Insignificant Character Removal is applied in the
Insignificant Character Removal step.
The LDAP definition for the telephoneNumberMatch matching rule is: The LDAP definition for the telephoneNumberMatch matching rule is:
( 2.5.13.20 NAME 'telephoneNumberMatch' ( 2.5.13.20 NAME 'telephoneNumberMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
The telephoneNumberMatch rule is an equality matching rule. The telephoneNumberMatch rule is an equality matching rule.
5.2.21 telephoneNumberSubstringsMatch 5.2.21 telephoneNumberSubstringsMatch
The telephoneNumberSubstringsMatch rule compares an assertion value The telephoneNumberSubstringsMatch rule compares an assertion value
of the Substring Assertion syntax to an attribute value of a syntax of the Substring Assertion syntax to an attribute value of a syntax
(e.g the Telephone Number syntax) whose corresponding ASN.1 type is a (e.g the Telephone Number syntax) whose corresponding ASN.1 type is a
PrintableString representing a telephone number. PrintableString representing a telephone number.
The rule evaluates to TRUE if and only if the substrings of the The rule evaluates to TRUE if and only if the prepared substrings of
assertion value match disjoint portions of the attribute value in the the assertion value match disjoint portions of the prepared attribute
order of the substrings in the assertion value, and an <initial> value character string in the order of the substrings in the
substring, if present, matches the beginning of the attribute value, assertion value, and an <initial> substring, if present, matches the
and a <final> substring, if present, matches the end of the attribute beginning of the prepared attribute value character string, and a
value. A substring matches a portion of the attribute value if <final> substring, if present, matches the end of the prepared
corresponding characters are the same, ignoring the case of letters, attribute value character string. A prepared substring matches a
and ignoring space and `-' characters. portion of the prepared attribute value character string if
corresponding characters have the same code point.
In preparing the attribute value and assertion value substrings for
comparison, characters are case folded in the Map preparation step,
and only telephoneNumber Insignificant Character Removal is applied
in the Insignificant Character Removal step.
The LDAP definition for the telephoneNumberSubstringsMatch matching The LDAP definition for the telephoneNumberSubstringsMatch matching
rule is: rule is:
( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' ( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
The telephoneNumberSubstringsMatch rule is a substrings matching The telephoneNumberSubstringsMatch rule is a substrings matching
rule. rule.
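Review bot: The rewritten paragraphs in 5.2.20 and 5.2.21 drop the explicit "ignoring space and `-' characters" and rely on "telephoneNumber Insignificant Character Removal" without citing [PREP] where the term is used. Add the [PREP] citation to both preparation paragraphs so an implementer can find where the insignificant character set is defined. The new wording compares code points of prepared strings only, so an implementation that skips preparation on either the stored value or the assertion value will stop matching values the previous text treated as equal. A short sentence stating that both sides must be prepared before comparison would make that hard to miss.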
skipping to change at page 41, line 18 skipping to change at page 42, line 32
Specifications: ABNF", RFC 2234, November 1997. Specifications: ABNF", RFC 2234, November 1997.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO
10646", RFC 2279, January 1998. 10646", RFC 2279, January 1998.
[RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64, RFC [RFC3383] Zeilenga, K., "IANA Considerations for LDAP", BCP 64, RFC
3383, September 2002. 3383, September 2002.
[LDAPDN] Zeilenga, K., "LDAP: String Representation of [LDAPDN] Zeilenga, K., "LDAP: String Representation of
Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work Distinguished Names", draft-ietf-ldapbis-dn-xx.txt, a work
in progress, August 2002. in progress, May 2003.
[PROT] Sermersheim, J., "LDAP: The Protocol", draft-ietf-ldapbis- [PROT] Sermersheim, J., "LDAP: The Protocol", draft-ietf-ldapbis-
protocol-xx.txt, a work in progress, December 2002. protocol-xx.txt, a work in progress, March 2003.
[E.123] Notation for national and international telephone numbers, [E.123] Notation for national and international telephone numbers,
ITU-T Recommendation E.123, 1988. ITU-T Recommendation E.123, 1988.
[FAX] Standardization of Group 3 facsimile apparatus for [FAX] Standardization of Group 3 facsimile apparatus for
document transmission - Terminal Equipment and Protocols document transmission - Terminal Equipment and Protocols
for Telematic Services, ITU-T Recommendation T.4, 1993 for Telematic Services, ITU-T Recommendation T.4, 1993
[T.50] International Reference Alphabet (IRA) (Formerly [T.50] International Reference Alphabet (IRA) (Formerly
International Alphabet No. 5 or IA5) Information International Alphabet No. 5 or IA5) Information
skipping to change at page 41, line 47 skipping to change at page 43, line 15
Interpersonal messaging system Interpersonal messaging system
[X.501] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1994, [X.501] ITU-T Recommendation X.501 (1993) | ISO/IEC 9594-2:1994,
Information Technology - Open Systems Interconnection - Information Technology - Open Systems Interconnection -
The Directory: Models The Directory: Models
[X.520] ITU-T Recommendation X.520 (1993) | ISO/IEC 9594-6:1994, [X.520] ITU-T Recommendation X.520 (1993) | ISO/IEC 9594-6:1994,
Information Technology - Open Systems Interconnection - Information Technology - Open Systems Interconnection -
The Directory: Selected attribute types The Directory: Selected attribute types
[ASN.1] ITU-T Recommendation X.680 (1997) | ISO/IEC 8824-1:1998 [ASN.1] ITU-T Recommendation X.680 (07/02) | ISO/IEC 8824-1
Information Technology - Abstract Syntax Notation One Information technology - Abstract Syntax Notation One
(ASN.1): Specification of basic notation (ASN.1): Specification of basic notation
[ISO3166] ISO 3166, "Codes for the representation of names of [ISO3166] ISO 3166, "Codes for the representation of names of
countries". countries".
[UCS] Universal Multiple-Octet Coded Character Set (UCS) - [UCS] Universal Multiple-Octet Coded Character Set (UCS) -
Architecture and Basic Multilingual Plane, ISO/IEC Architecture and Basic Multilingual Plane, ISO/IEC
10646-1: 1993 (with amendments). 10646-1: 1993 (with amendments).
[JPEG] JPEG File Interchange Format (Version 1.02). Eric [JPEG] JPEG File Interchange Format (Version 1.02). Eric
Hamilton, C-Cube Microsystems, Milpitas, CA, September 1, Hamilton, C-Cube Microsystems, Milpitas, CA, September 1,
1992. 1992.
[MODELS] Zeilenga, K., "LDAP: Directory Information Models", draft-
ietf-ldapbis-models-xx.txt, a work in progress, March
2003.
[PREP] Zeilenga, K., "LDAP: Internationalized String
Preparation", draft-ietf-ldapbis-strprep-xx.txt, a work in
progress, May 2003.
10. Informative References 10. Informative References
[BCP11] Hovey, R. and S. Bradner, "The Organizations Involved in
the IETF Standards Process", BCP 11, RFC 2028, October
1996.
[RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille, [RFC2252] Wahl, M., Coulbeck, A., Howes, T. and S. Kille,
"Lightweight Directory Access Protocol (v3): Attribute "Lightweight Directory Access Protocol (v3): Attribute
Syntax Definitions", RFC 2252, December 1997. Syntax Definitions", RFC 2252, December 1997.
[RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use [RFC2256] Wahl, M., "A Summary of the X.500(96) User Schema for use
with LDAPv3", RFC 2256, December 1997. with LDAPv3", RFC 2256, December 1997.
[RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access [RFC3377] Hodges, J. and R. Morgan, "Lightweight Directory Access
Protocol (v3): Technical Specification", RFC 3377, Protocol (v3): Technical Specification", RFC 3377,
September 2002. September 2002.
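Review bot: The new [PREP] entry is listed with the normative references and now carries the definition of the Map and Insignificant Character Removal steps that the revised matching rules depend on, yet it is cited as "draft-ietf-ldapbis-strprep-xx.txt" with no revision. The matching behaviour of this document is only as stable as that draft, so the entry should say which revision the text was written against, or state that the two documents are to be published together. The same hunk drops the edition year from the ISO/IEC half of [ASN.1] ("ISO/IEC 8824-1:1998" becomes "ISO/IEC 8824-1") while the ITU-T half gains "(07/02)"; give both halves an edition or neither.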
skipping to change at page 42, line 41 skipping to change at page 44, line 23
[BER] ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1:1998 [BER] ITU-T Recommendation X.690 (1997) | ISO/IEC 8825-1:1998
Information Technology - ASN.1 encoding rules: Information Technology - ASN.1 encoding rules:
Specification of Basic Encoding Rules (BER), Canonical Specification of Basic Encoding Rules (BER), Canonical
Encoding Rules (CER) and Distinguished Encoding Rules Encoding Rules (CER) and Distinguished Encoding Rules
(DER) (DER)
11. Authors' Addresses 11. Authors' Addresses
Steven Legg Steven Legg
Adacel Technologies Ltd. Adacel Technologies Ltd.
405-409 Ferntree Gully Road 250 Bay Street
Mount Waverley, Victoria 3149 Brighton, Victoria 3186
AUSTRALIA AUSTRALIA
Phone: +61 3 9451 2107 Phone: +61 3 8530 7710
Fax: +61 3 9541 2121 Fax: +61 3 8530 7888
Email: steven.legg@adacel.com.au Email: steven.legg@adacel.com.au
Kathy Dally Kathy Dally
The MITRE Corp. The MITRE Corp.
7515 Colshire Dr., ms-W650 7515 Colshire Dr., ms-W650
McLean VA 22102 McLean VA 22102
USA USA
Phone: +1 703 883 6058 Phone: +1 703 883 6058
Fax: +1 703 883 7142 Fax: +1 703 883 7142
Email: kdally@mitre.org Email: kdally@mitre.org
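Review bot: [BER] at the top of this hunk still cites "X.690 (1997) | ISO/IEC 8825-1:1998" although [ASN.1] was moved to "X.680 (07/02)" in this revision. The encoding rules reference should be updated to the matching edition, or the draft should say why the two are deliberately different. The editor's address and phone changes need no comment.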
skipping to change at page 43, line 14 skipping to change at page 44, line 41
Kathy Dally Kathy Dally
The MITRE Corp. The MITRE Corp.
7515 Colshire Dr., ms-W650 7515 Colshire Dr., ms-W650
McLean VA 22102 McLean VA 22102
USA USA
Phone: +1 703 883 6058 Phone: +1 703 883 6058
Fax: +1 703 883 7142 Fax: +1 703 883 7142
Email: kdally@mitre.org Email: kdally@mitre.org
12. Copyright Notice 12. Intellectual Property Notice
The IETF takes no position regarding the validity or scope of any
intellectual property or other rights that might be claimed to
pertain to the implementation or use of the technology described in
this document or the extent to which any license under such rights
might or might not be available; neither does it represent that it
has made any effort to identify any such rights. Information on the
IETF's procedures with respect to rights in standards-track and
standards-related documentation can be found in BCP-11. [BCP11]
Copies of claims of rights made available for publication and any
assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use of
such proprietary rights by implementors or users of this
specification can be obtained from the IETF Secretariat.
The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary
rights which may cover technology that may be required to practice
this standard. Please address the information to the IETF Executive
Director.
13. Copyright Notice
Copyright (C) The Internet Society (2003). All Rights Reserved. Copyright (C) The Internet Society (2003). All Rights Reserved.
This document and translations of it may be copied and furnished to This document and translations of it may be copied and furnished to
others, and derivative works that comment on or otherwise explain it others, and derivative works that comment on or otherwise explain it
or assist in its implementation may be prepared, copied, published or assist in its implementation may be prepared, copied, published
and distributed, in whole or in part, without restriction of any and distributed, in whole or in part, without restriction of any
kind, provided that the above copyright notice and this paragraph are kind, provided that the above copyright notice and this paragraph are
included on all such copies and derivative works. However, this included on all such copies and derivative works. However, this
document itself may not be modified in any way, such as by removing document itself may not be modified in any way, such as by removing
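Review bot: In the new section 12, "can be found in BCP-11. [BCP11]" leaves the citation outside the sentence and writes "BCP-11" where the reference entry uses "BCP 11"; write it as "can be found in BCP 11 [BCP11]." Inserting this section renumbers the Copyright Notice from 12 to 13, so any cross-reference to the Copyright Notice by section number elsewhere in the draft needs checking.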
skipping to change at line 2109 skipping to change at page 49, line 21
at draft standard maturity. at draft standard maturity.
28. The protocolInformationMatch matching rule has been removed as it 28. The protocolInformationMatch matching rule has been removed as it
depends on an undefined assertion syntax (Protocol Information). depends on an undefined assertion syntax (Protocol Information).
29. The definitive reference for ASN.1 has been changed from X.208 to 29. The definitive reference for ASN.1 has been changed from X.208 to
X.680 since X.680 is the version of ASN.1 referred to by X.500. X.680 since X.680 is the version of ASN.1 referred to by X.500.
30. The specification of the caseIgnoreListSubstringsMatch matching 30. The specification of the caseIgnoreListSubstringsMatch matching
rule from RFC 2798 & X.520 has been added to this document. rule from RFC 2798 & X.520 has been added to this document.
31. String preparation algorithms have been applied to the character
string matching rules.
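Review bot: New item 31 says only that string preparation algorithms "have been applied to the character string matching rules", which understates the change. The rule descriptions no longer state what is ignored (case, space, `-') and instead defer to the preparation steps. The item should name [PREP] and say that the per-rule wording about ignored characters was replaced by comparison of prepared strings, so readers of the change list know to re-check their matching implementations. The addition of the Intellectual Property Notice section is not recorded in the visible part of this list.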
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/